#!/bin/bash -e

# This file aims to be called by a cron task
# and not directly. See ssl-helper.

source /container/run/environment.sh

SSL_HELPER_TOOL=$1
PREFIX=$2
CERT_FILE=$3
KEY_FILE=$4
CA_FILE=$5
IMPACTED_SERVICES=$6
JSONSSL_FILE=$7
FROM_FILES=$8
CERT_FROM_FILE=$9
KEY_FROM_FILE=${10}
CA_CERT_FROM_FILE=${11}

function stop_impacted_services() {
    # Stop impacted services
    if [ -n "${IMPACTED_SERVICES}" ]; then
        log-helper info "Services to stop: ${IMPACTED_SERVICES}"
        
        impacted_services_table=("${IMPACTED_SERVICES}")
        for service in "${impacted_services_table[@]}"
        do
            log-helper info "Stopping ${service}..."
            sv stop "/container/run/process/${service}"
        done
        
        log-helper info "All services are stopped"
    fi
}

function start_impacted_services() {
    # restart impacted services
    if [ -n "${IMPACTED_SERVICES}" ]; then
        
        impacted_services_table=("${IMPACTED_SERVICES}")
        for service in "${impacted_services_table[@]}"
        do
            log-helper info "Starting ${service}..."
            sv start "/container/run/process/${service}"
        done
        
        log-helper info "All services are started"
    fi
}

# renew from container files
if [ "${FROM_FILES,,}" = "true" ]; then
    
    log-helper info "Check renew from files"
    renew=false
    
    # File previous md5
    CERT_PREVIOUS_MD5=$(cat "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5${CERT_FILE}.md5") || true
    KEY_PREVIOUS_MD5=$(cat "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5${KEY_FILE}.md5") || true
    CA_CERT_PREVIOUS_MD5=$(cat "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5${CA_FILE}.md5") || true
    
    # from file current md5
    FROM_CERT_MD5=$(md5sum "${CERT_FROM_FILE}" | awk '{ print $1 }')
    FROM_KEY_MD5=$(md5sum "${KEY_FROM_FILE}" | awk '{ print $1 }')
    FROM_CA_CERT_MD5=$(md5sum "${CA_CERT_FROM_FILE}" | awk '{ print $1 }')
    
    [[ "$CERT_PREVIOUS_MD5" != "$FROM_CERT_MD5" ]] && renew=true
    [[ "$KEY_PREVIOUS_MD5" != "$FROM_KEY_MD5" ]] && renew=true
    [[ "$CA_CERT_PREVIOUS_MD5" != "$FROM_CA_CERT_MD5" ]] && renew=true
    
    if ! $renew; then
        log-helper info "Certificate files are identicals"
        exit 0
    fi
    
    log-helper info "Certificate files are differents"
    
    stop_impacted_services
    
    if [ "${CERT_FROM_FILE}" != "${CERT_FILE}" ]; then
        log-helper info "Copy ${CERT_FROM_FILE} to ${CERT_FILE}"
        cp -f "${CERT_FROM_FILE}" "${CERT_FILE}"
    fi
    
    if [ "${KEY_FROM_FILE}" != "${KEY_FILE}" ]; then
        log-helper info "Copy ${KEY_FROM_FILE} to ${KEY_FILE}"
        cp -f "${KEY_FROM_FILE}" "${KEY_FILE}"
    fi
    
    if [ "${CA_CERT_FROM_FILE}" != "${CA_FILE}" ]; then
        log-helper info "Copy ${CA_CERT_FROM_FILE} to ${CA_FILE}"
        cp -f "${CA_CERT_FROM_FILE}" "${CA_FILE}"
    fi
    
    log-helper info "Update file md5 with new values"
    echo "${FROM_CERT_MD5}" > "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5${CERT_FILE}.md5"
    echo "${FROM_KEY_MD5}" > "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5${KEY_FILE}.md5"
    echo "${FROM_CA_CERT_MD5}" > "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5${CA_FILE}.md5"
    
    start_impacted_services
    
    # renew with cfssl or jsonssl
else
    log-helper info "Check renew for cfssl or jsonssl"
    
    cert_ok=false
    ca_ok=false
    
    # the certificate will expired in the next day
    if openssl x509 -checkend 259200 -noout -in "${CERT_FILE}"; then
        log-helper info "The certificate '${CERT_FILE}' is ok for the next 3 days at least."
        cert_ok=true
    fi
    
    if openssl x509 -checkend 259200 -noout -in "${CA_FILE}"; then
        log-helper info "The CA certificate '${CA_FILE}' is ok for the next 3 days at least."
        ca_ok=true
    fi
    
    if [ "${SSL_HELPER_TOOL}" = "jsonssl-helper" ]; then
        log-helper info "Check if ${JSONSSL_FILE} has changed"
        JSONSSL_FILE_PREVIOUS_MD5=$(cat "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5${JSONSSL_FILE}.md5") || true
        JSONSSL_FILE_MD5=$(md5sum "${JSONSSL_FILE}" | awk '{ print $1 }')
        
        [[ "${JSONSSL_FILE_PREVIOUS_MD5}" != "${JSONSSL_FILE_MD5}" ]] && cert_ok=false
    fi
    
    if ${cert_ok} && ${ca_ok}; then
        log-helper info "Nothing to do :)"
        exit 0
    fi
    
    log-helper info "Auto-renew on the way!"
    
    stop_impacted_services
    
    log-helper info "Remove certificate files"
    rm -f "${CERT_FILE}" "${KEY_FILE}" "${CA_FILE}"
    
    log-helper info "Regenerate certificate with ${SSL_HELPER_TOOL}"
    ${SSL_HELPER_TOOL} "${PREFIX}" "${CERT_FILE}" "${KEY_FILE}" "${CA_FILE}"
    
    start_impacted_services
    
    if [ "${SSL_HELPER_TOOL}" = "jsonssl-helper" ]; then
        log-helper info "Update file md5 with new values"
        echo "${JSONSSL_FILE_MD5}" > "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/md5${JSONSSL_FILE}.md5"
    fi
    
fi

log-helper info "Auto-renew finished! Champagne!"
